CVE-2020-37136
Unknown Unknown - Not Provided
Buffer Overflow in ZOC Terminal 7.25.5 Causes DoS

Publication date: 2026-02-05

Last updated on: 2026-02-05

Assigner: VulnCheck

Description
ZOC Terminal 7.25.5 contains a denial of service vulnerability in the private key file input field that allows attackers to crash the application. Attackers can overwrite the private key file input with a 2000-byte buffer, causing the application to become unresponsive when attempting to create SSH key files.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-05
Last Modified
2026-02-05
Generated
2026-06-16
AI Q&A
2026-02-05
EPSS Evaluated
2026-06-14
NVD
CVE-2020-37136
EUVD
EUVD-2020-31035
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
emtec zoc_terminal 7.25.5
emtec zoc_terminal to 7.25.5 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-121 A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2020-37136 is a denial of service vulnerability in ZOC Terminal version 7.25.5. It occurs in the private key file input field when creating SSH key files. An attacker can exploit this by inputting a specially crafted 2000-byte buffer into the private key file input, which causes the application to crash and become unresponsive.

Impact Analysis

This vulnerability can cause the ZOC Terminal application to crash and become unresponsive, resulting in a denial of service condition. This means legitimate users will be unable to use the application to create SSH key files until it is restarted, potentially disrupting workflows that depend on this functionality.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability is triggered locally on the affected system by exploiting the "Private key file" input field during the creation of SSH key files in ZOC Terminal version 7.25.5.'}, {'type': 'paragraph', 'content': 'To detect the vulnerability, you can attempt to reproduce the denial of service condition by running a test similar to the known exploit:'}, {'type': 'list_item', 'content': 'Run a Python script that generates a 2000-byte buffer of "A" characters (e.g., "\\x41" * 2000) and save it to a text file.'}, {'type': 'list_item', 'content': 'Copy the contents of this text file to the clipboard.'}, {'type': 'list_item', 'content': 'Open ZOC Terminal, navigate to File > Create SSH Key Files.'}, {'type': 'list_item', 'content': 'Paste the buffer into the "Private key file:" input field.'}, {'type': 'list_item', 'content': 'Click "Create public/private key files..." and observe if the application crashes or becomes unresponsive.'}, {'type': 'paragraph', 'content': 'This sequence effectively tests for the presence of the vulnerability by reproducing the denial of service condition.'}] [1]

Mitigation Strategies

[{'type': 'paragraph', 'content': 'Immediate mitigation steps include avoiding the use of the "Private key file" input field with untrusted or oversized input buffers in ZOC Terminal version 7.25.5.'}, {'type': 'paragraph', 'content': 'Since the vulnerability requires local user interaction, restricting access to the affected application and limiting user permissions can reduce risk.'}, {'type': 'paragraph', 'content': 'Monitor for application crashes related to SSH key file creation and avoid pasting large or malformed data into the private key file input.'}, {'type': 'paragraph', 'content': 'Check for updates or patches from the vendor (https://www.emtec.com) that address this vulnerability and apply them as soon as they become available.'}] [1, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2020-37136. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart